IdM and Composite roles

Former Member

Hi,

I don't believe composite roles provide a good solution, but with an IdM implementation is it recommended to go with composite roles, though IdM uses business roles, which can be built using component system roles, which is the same concept?

Is it standard practice, or is it advisable, to have business roles tied to a composite role? If so, what are the pros and cons of doing that in IdM?

All opinions welcome.

Thanks,

Joe.P

Accepted Solutions (0)

Answers (1)

Former Member

We have a definitive policy not to allow composite roles in our back-end SAP systems, specifically because it causes serious visibility issues.

We have an extensive (and hopefully responsible) set of role owners/approvers for our various IdM roles. When one of them looks at their role display page in our UI, they see the complete list of everyone who has their role. When composite roles are used in the backend, it is harder for them to keep a clear picture, as someone can technically have their role but not show up on their list (because they are getting it from a different role directly in the back-end system).

I remember that there were other more minor reasons, but for this reason alone I definitely recommend you use the "IdM Business Roles" as your compositing tool, and do not nest roles in back-end systems!
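The visibility gap described in this answer can be checked by reconciling the back end against IdM. The following is an added example, not code from the thread or from SAP: it expands composite roles from a back-end extract and lists users who effectively hold a single role but are missing from the role owner's IdM list. All role names, user names and data shapes are constructed assumptions.

```python
from collections import defaultdict

DIRECT = "(direct)"

# Constructed sample data. Assumption: in an ABAP back end these would come
# from extracts of user-to-role and composite-to-single-role assignments
# (for example tables AGR_USERS and AGR_AGRS).
BACKEND_USER_ROLES = [
    ("ALICE", "Z_AP_CLERK"), ("BOB", "ZC_FINANCE_ALL"),
    ("DAVE", "Z_AP_CLERK"), ("DAVE", "ZC_FINANCE_ALL"),
    ("ERIN", "Z_GL_DISPLAY"),
]
# Composite role -> single roles it contains (one level of nesting).
BACKEND_COMPOSITES = {"ZC_FINANCE_ALL": ["Z_AP_CLERK", "Z_GL_DISPLAY"]}
# What each role owner sees in IdM: role -> users IdM believes hold it.
IDM_ROLE_MEMBERS = {"Z_AP_CLERK": {"ALICE", "DAVE"}, "Z_GL_DISPLAY": {"ERIN"}}


def effective_holders(user_roles, composites):
    """Map each single role to {user: set of paths that grant it}."""
    holders = defaultdict(lambda: defaultdict(set))
    for user, role in user_roles:
        if role in composites:
            # The user gets every child role, attributed to the composite.
            for child in composites[role]:
                holders[child][user].add(role)
        else:
            holders[role][user].add(DIRECT)
    return holders


def visibility_gaps(idm_members, user_roles, composites):
    """Users holding a role in the back end who are absent from IdM's list."""
    gaps = []
    for role, users in effective_holders(user_roles, composites).items():
        known = idm_members.get(role, set())
        for user, paths in users.items():
            if user not in known:
                gaps.append((role, user, sorted(paths)))
    return sorted(gaps)


if __name__ == "__main__":
    for role, user, paths in visibility_gaps(
            IDM_ROLE_MEMBERS, BACKEND_USER_ROLES, BACKEND_COMPOSITES):
        print(f"{user} holds {role} via {', '.join(paths)} but is not on the IdM list")
```

DAVE appears on the IdM list for Z_AP_CLERK but is still reported for Z_GL_DISPLAY, which he receives only through the composite.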

Former Member

Thanks Adam, for sharing your experiences and opinions. I do agree with you, but at the same time I do see that SAP recommends staying away from composite roles if we are going with a GRC implementation; however, I have never seen such recommendations from an IdM point of view. Not sure if anyone has seen those.

Thanks,

Joe.P

Former Member

Yeah, we use GRC, and it works fine with IdM Business Roles. Were you saying GRC was just another reason why composite roles in SAP systems were bad? Or why not to use them in IdM either?